﻿using IdentityServer4;
using IdentityServer4.Models;

namespace XLZF.MicroServices.IDS4;

public static class Config
{
    public static IEnumerable<IdentityResource> IdentityResources => new IdentityResource[]
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
    };
    /// <summary>
    /// 允许访问哪些Api（就像我允许我家里的哪些东西可以让顾客访问使用，如桌子，椅子等等）  
    /// </summary>
    /// <returns></returns>
    public static IEnumerable<ApiResource> GetApiResources() => new List<ApiResource>
    {
        new ApiResource("GetSearch", "用户获取API")
        {
            Scopes = {"scope1"}
        }
    };

    public static IEnumerable<ApiScope> ApiScopes => new ApiScope[]
    {
        new ApiScope("scope1","作用域1"),
        new ApiScope("scope2","作用域2")
    };

    public static IEnumerable<Client> Clients => new Client[]
    {
        new Client
        {
            //客户端模式
            ClientId = "Harris_ClientID",//客户端唯一标识
            ClientName = "Harris_ClientName",//
            ClientSecrets = new []{new Secret("Harris123456".Sha256())},//
            AllowedGrantTypes= GrantTypes.ClientCredentials,
            AllowedScopes = new []{"scope1"}, //允许访问的资源
        },
        new Client
        {
            //资源拥有者模式
            ClientId = "Harris_Client_Pass_ID",//客户端ID
            ClientName="Harris_Client_Pass_Name",//客户端名称
            ClientSecrets = new []{new Secret("Harris123456".Sha256()) },//秘钥
            AllowedGrantTypes= GrantTypes.ResourceOwnerPassword,//模式
            AllowedCorsOrigins = { "http://localhost:8081"},//跨域
            AllowAccessTokensViaBrowser=true,//允许将token通过浏览器传递
            AllowOfflineAccess = true,//如果要获取refresh_tokens ,必须把AllowOfflineAccess设置为true
            AllowedScopes = new List<string>{ "scope1",
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile
            }//必须要添加，否则报forbidden错误
        },
        new Client
        {
            //授权码模式
            ClientId = "Harris_MVC_ID",
            ClientName="Harris_MVC_Name",
            ClientSecrets = new []{new Secret("Harris123456".Sha256()) },//
            AllowedGrantTypes= GrantTypes.Code,//授权码模式
            RedirectUris = {"https://localhost:5001/signin-oidc"}, //登录
            PostLogoutRedirectUris={"https://localhost:5001/signout-callback-oidc"},//登出
            AllowAccessTokensViaBrowser=true,//允许将token通过浏览器传递
            RequireConsent=true,// 是否需要同意授权 （默认是false）
            RequirePkce=true,
            AllowedScopes = new List<string>{ "scope1",
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile
            } //允许访问的资源
        }
    };

    public static IEnumerable<ApplicationUser> Users => new[]
    {
        new ApplicationUser
        {
            BirthDate = DateTime.Now,
            Email = "user1@qq.com",
            UserName = "user1",
            NickName = "用户1",
            EmailConfirmed = true
        },
        new ApplicationUser
        {
            BirthDate = DateTime.Now,
            Email = "user2@qq.com",
            UserName = "user2",
            NickName = "用户2",
            EmailConfirmed = true
        },
    };

    public static IEnumerable<ApplicationRole> Roles => new[]
    {
        new ApplicationRole
        {
            Name = "admin",
            Description = "管理员",
        },
        new ApplicationRole
        {
            Name = "user",
            Description = "用户",
        },
        new ApplicationRole
        {
            Name = "guest",
            Description = "访客",
        },
    };
}
